(Tcl) Encrypt File using X.509 Certificate using AES in CBC Mode

Demonstrates how to encrypt a file using an X.509 Certificate's public key, where the underlying bulk encryption algorithm is 128-bit AES in CBC mode. (The underlying bulk encryption algorithm can be specified to be other algorithms/strengths.)

Chilkat Tcl Extension Downloads

load ./chilkat.dll
# This example requires the Chilkat Crypt API to have been previously unlocked.# See Unlock Chilkat Crypt for sample code.
set crypt [new_CkCrypt2]
# Use public-key cryptography for encryption.CkCrypt2_put_CryptAlgorithm $crypt "pki"# Get an X.509 certificate to use for encrypting.# Note: Chilkat provides many different ways of loading a certificate, from many different formats,# or if on Windows, from the installed certificates on the system.# This example simply loads a certificate from a file.# Also, for encryption, only the public key is needed. Digital certificates embed the public key# within the X.509 format itself. Therefore, if you have a certificate, you also have the public key.
set cert [new_CkCert]
set success [CkCert_LoadFromFile $cert "qa_data/certs/testCert.cer"]
if {[expr $success != 1]} then {
puts [CkCert_lastErrorText $cert]
delete_CkCrypt2 $crypt
delete_CkCert $cert
exit
}
set success [CkCrypt2_SetEncryptCert $crypt $cert]
if {[expr $success != 1]} then {
puts [CkCrypt2_lastErrorText $crypt]
delete_CkCrypt2 $crypt
delete_CkCert $cert
exit
}
# Indicate the underlying bulk encryption algorithm to be used:CkCrypt2_put_Pkcs7CryptAlg $crypt "aes"CkCrypt2_put_KeyLength $crypt 128# Note: When doing public-key encryption the underlying bulk symmetric cipher mode will always be CBC. (at least with Chilkat...)# There's one last option that could be set. If is the RSA encryption encryption/padding scheme.# By default, RSAES_PKCS1-V1_5 is used. If desired, the OaepPadding property could be set to 1 to# use RSAES_OAEP. (We'll leave it set at the default value of 0)CkCrypt2_put_OaepPadding $crypt 0# Everything is specified. Now just encrypt...# The output is PKCS7 in binary DER format.set success [CkCrypt2_CkEncryptFile $crypt "qa_data/hamlet.xml""qa_output/hamlet.p7"]
if {[expr $success != 1]} then {
puts [CkCrypt2_lastErrorText $crypt]
delete_CkCrypt2 $crypt
delete_CkCert $cert
exit
}
puts "Finished."
delete_CkCrypt2 $crypt
delete_CkCert $cert